[Libvir] Patch for routed virtual networks

Daniel P. Berrange berrange at redhat.com
Sun Mar 9 21:09:25 UTC 2008


On Sat, Mar 08, 2008 at 04:33:32PM +0100, Mads Chr. Olesen wrote:
> Greetings!
> 
> The attached patch adds support for having routed virtual networks, in
> addition to the masquerading setup possible with the "<forward />"
> stanza.
> 
> I have added a <route dev="ethX" /> stanza (dev is optional), completely
> equivalent to the <forward /> stanza.

This is still forwarding of traffic, so I think we should just use the
existing <forward/> element and have an extra attribute to indicate
the type of forwarding, e.g.

   <forward/>                      (defaults to mode="nat" for compat)
   <forward mode="nat"/>
   <forward mode="route"/>
   <forward mode="nat" dev="ethX"/>
   <forward mode="route" dev="ethX"/>

> Summary of changes:
>  * Added <route /> stanza to XML parsing/creation
>  * Refactored qemudAddIptablesRules to allow for the routed network type
>  * In iptables.c: 
>     * Renamed iptables(.*)ForwardAllowIn to
> iptables(.*)ForwardAllowRelatedIn, to better reflect their function
>     * Added iptables(.*)ForwardAllowIn functions, that do not require
> traffic to be related
> 
> Comments are very much appreciated :-)

I'm a little unclear on how this actually works. You add iptables rules to
allow traffic in/out, but you're not adding any routing table entries, nor
turning on proxy_arp, so I don't see how this will actually work in practice.

Are you assuming the admin has already added suitable routing rules & turned
on proxy arp?

Regards,
Dan.
-- 
|: Red Hat, Engineering, Boston   -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
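
The <forward mode="..."/> forms proposed above, as an added example that is not part of the original message or of libvirt's code: it parses the element with the mode="nat" compatibility default and shows how the inbound FORWARD rule differs when traffic is not required to be related. The function names, the bridge virbr0, the subnet 192.168.122.0/24 and the exact rule layout are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

VALID_MODES = {"nat", "route"}


def parse_forward(network_xml):
    """Return None for a network without <forward/>, else (mode, dev)."""
    fwd = ET.fromstring(network_xml).find("forward")
    if fwd is None:
        return None
    # A bare <forward/> keeps the old masquerading behaviour.
    mode = fwd.get("mode", "nat")
    if mode not in VALID_MODES:
        # Refuse unknown modes rather than silently opening forwarding.
        raise ValueError("unsupported forward mode: %r" % mode)
    return mode, (fwd.get("dev") or None)


def inbound_forward_rule(mode, bridge, subnet, dev=None):
    """Illustrative iptables rule for traffic forwarded towards the guests."""
    rule = ["-A", "FORWARD", "-d", subnet]
    if dev:
        rule += ["-i", dev]          # restrict to one physical interface
    rule += ["-o", bridge]
    if mode == "nat":
        # Only replies to connections the guests opened are let in.
        rule += ["-m", "state", "--state", "RELATED,ESTABLISHED"]
    # mode == "route": no state match, so unsolicited inbound traffic
    # reaches the guests and any filtering has to be added separately.
    rule += ["-j", "ACCEPT"]
    return " ".join(rule)


if __name__ == "__main__":
    # Constructed sample input: the five forms listed in the reply.
    forms = ['<forward/>', '<forward mode="nat"/>', '<forward mode="route"/>',
             '<forward mode="nat" dev="ethX"/>',
             '<forward mode="route" dev="ethX"/>']
    for form in forms:
        mode, dev = parse_forward("<network>%s</network>" % form)
        print(form, "->",
              inbound_forward_rule(mode, "virbr0", "192.168.122.0/24", dev))
```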



